- The OAUTH requires a backchannel connection to the authorization provider;
- The Federation gateway (or any servers in the environment) has NO direct outgoing connection to the Internet.
- All outgoing connections have to go thru a proxy server (Corporate Security Policy)
- the Siteminder OAUTH Authentication Schemes and OpenID Authentication Schemes DO support the proxy for the back channel
- the OAUTH Federation does not support proxy.
- Event if we could get an exemption for the outgoing connection, we have many other environments that will never be allowed to go out directly (DEV, Certification, QA, Integration, Training...)
I'm asking to have the ability to specify a proxy server for the backchannel in the OAUTH Federation (just like we can do it with the oauth.fcc).